Bug report #17947

Add GeoJSON from a https URL on Windows fails due to a SSL certificate problem

Added by David Piles over 2 years ago. Updated over 1 year ago.

Status:Open
Priority:Normal
Assignee:-
Category:Data Provider
Affected QGIS version:3.4.4 Regression?:No
Operating System:Windows 7 , windows 10 Easy fix?:No
Pull Request or Patch supplied:No Resolution:
Crashes QGIS or corrupts data:No Copied to github as #:25843

Description

Trying to add a Geojson in QGIS Desktop from a url from the dialog add vector layer by protocol, gives error.
"Invalid data source https: // ......... .geojson is not a valid or recognized data source".
The same geojson, if I open it in local works, online gives that error.
It doesn't work with http, or with https.
If you copy the content of the geojson in the URI, it shows it to you.
It has not worked for me in the QGIS Desktop 2.18.14 and QGIS Desktop 2.18.16, windows versions.

qgis.jpg - Picture adding a new line under environment (73.6 KB) David Piles, 2018-02-02 09:11 AM


Related issues

Duplicated by QGIS Application - Bug report #20898: Geojson Protocol in QGIS 3.4.3 Closed 2018-12-31

History

#1 Updated by David Piles over 2 years ago

  • Assignee deleted (Luigi Pirelli)

#2 Updated by Nyall Dawson over 2 years ago

  • Status changed from Open to Feedback

Just a hunch - is this geojson from fulcrum?

Try this:

Inside QGIS, go to Options - System. Under "environment" add a new line, with

VARIABLE: GDAL_HTTP_USERAGENT
VALUE: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

ok out of options, restart qgis.

It'll work ok after that.

Seems like something at fulcrum is blocking the user agent used by gdal.

#3 Updated by Alessandro Pasotti over 2 years ago

  • Subject changed from Ad GeoJSON from a URL to Add GeoJSON from a URL

#4 Updated by David Piles over 2 years ago

  • File qgis.jpg added
  • Assignee set to Alessandro Pasotti

Thx
As in the picture?
It doesn't work for me after restarting.

#5 Updated by Alessandro Pasotti over 2 years ago

  • Assignee deleted (Alessandro Pasotti)

#6 Updated by Richard Duivenvoorde over 2 years ago

You are not behind a proxy are you?

Can you provide the url you are testing? Or the json you receive when you download it in your browser?

As a test I just scribbled a line in http://geojson.io and save it on my homeserver: http://duif.net/test.json

That just works for me both in 2.18 and in master.

Can you check those (line around europe)

#7 Updated by David Piles over 2 years ago

I'm not behind a proxi.
My GeoJSON is done through the menu "save as" QGIS, from a shp file.
Maybe there's the problem, the format in which QGIS mades and save geojsons.
Try this url: https://strageo.es/wp-content/uploads/datos/Testing_QGIS1.geojson
If you open directly in QGIS it works, but by the protocol method doesn't work.

#8 Updated by Richard Duivenvoorde over 2 years ago

  • Subject changed from Add GeoJSON from a URL to Add GeoJSON from a https URL on Windows fails due to a SSL certificate problem

Ok, confirmed here on a recent Windows osgeo4w64 build. In the message console it says:

2018-02-06T18:03:24    1    Data source is invalid (SSL certificate problem: unable to get local issuer certificate)

Seems the problem seems to be the httpS connection.
Will change the Subject

In Linux this works just fine.

To test on windows: http://duif.net/Testing_QGIS1.geojson works just fine.
https://duif.net/Testing_QGIS1.geojson does not load and shows error above

Tried to update to latest 2.18, but did not help.

Also tested current master/2.99 in same environment: Same problem!

QGIS version
2.99.0-Master
QGIS code revision
1a117cf080
Compiled against Qt
5.9.2
Running against Qt
5.9.2
Compiled against GDAL/OGR
2.2.3
Running against GDAL/OGR
2.2.3
Compiled against GEOS
3.5.0-CAPI-1.9.0
Running against GEOS
3.5.0-CAPI-1.9.0 r4084
PostgreSQL Client Version
9.2.4
SpatiaLite Version
4.3.0
QWT Version
6.1.3
PROJ.4 Version
493
QScintilla2 Version
2.10.1
This copy of QGIS writes debugging output.

#9 Updated by Richard Duivenvoorde over 2 years ago

Adding another observation:

Plain ogrinf generates the same error:

C:\osgeo4w64>ogrinfo https://duif.net/Testing_QGIS1.geojson
ERROR 1: SSL certificate problem: unable to get local issuer certificate
ERROR 1: SSL certificate problem: unable to get local issuer certificate
FAILURE:
Unable to open datasource `https://duif.net/Testing_QGIS1.geojson' with the following drivers.

#10 Updated by Tom Chadwin over 2 years ago

Does this help when trying ogrinfo:

--config GDAL_HTTP_UNSAFESSL YES

Source: https://toolkit.data.wa.gov.au/hc/en-gb/articles/115000819754

EDIT: A better source on gdal-dev, with input from Even is here:

https://lists.osgeo.org/pipermail/gdal-dev/2017-June/046714.html

#11 Updated by Luigi Pirelli over 2 years ago

May you check a workaround in windows? In a win installation that expose the porblem, try to load the geojson in a Explorer (not other browser... only Explorer!)
Then try to load in QGIS as usual and verify if the error is still present.

The rational is that a CAPI enabled Browser, reciving a Unsercognised CA, try to ask to the M$ services to check if the CA is trustable, it M$ say yes, the CA is added in the CA lists.

let us know if this warkaround works... if so, we can follow with possibile solutions.

#12 Updated by Richard Duivenvoorde over 2 years ago

@Tom Chadwin: yes that helped (for ogrinfo)...

#13 Updated by Richard Duivenvoorde over 2 years ago

@Luigi tried your test also here (by the way I'm on a recent new/updtodate WIN10 VM here, not a fully registred Windows install).

Loaded the https url succesfully in Explorer... that made my (by accident) already running QGIS 2.18 crash instantanious?! :(
So? apparently something was happening?

But restarting QGIS it still gives the error, and also the master version of QGIS.
Also tried with a clean .qgis2 dir, and by adding the url to Microsoft Edge (as that is their favorite isn't it?).
But all did not help...

Not that the duif.net cert is a Letsencrytp certificate, while the https url from the original issuer (https://strageo.es/wp-content/uploads/datos/Testing_QGIS1.geojson) is a Digicert certificate. Both failing (in my and his environment).

#14 Updated by Geoffrey Baum over 2 years ago

Nyall Dawson wrote:

Just a hunch - is this geojson from fulcrum?

Try this:

Inside QGIS, go to Options - System. Under "environment" add a new line, with

VARIABLE: GDAL_HTTP_USERAGENT
VALUE: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

ok out of options, restart qgis.

It'll work ok after that.

Seems like something at fulcrum is blocking the user agent used by gdal.

A Fulcrum GeoJSON opens for me in QGIS 2.18.7 but not within QGIS 3.0, pretty much any QGIS after 2.18.8 I believe from other discussions I've seen online. Also your advice does not seem to work in any other versions if added to the Environment variables.

#15 Updated by joe larson almost 2 years ago

I wanted to checkin here to see if there's any update to this issue or advice on how we might be able to overcome this (disclaimer, I work on the Fulcrum product). This is currently still an issue with Windows 2.x LTR and 3.x, but if you go back to 2.16.3-1 it is functional. In my testing, none of the suggestions mentioned in this thread help in getting these data sources to be recognized.

#16 Updated by Calvin Metcalf over 1 year ago

I'm seeing this for google URLs too, it was a fresh install of QGIS and trying to load some geojson from a url got the `SSL certificate problem: unable to get local issuer certificate` error

#17 Updated by Giovanni Manghi over 1 year ago

Calvin Metcalf wrote:

I'm seeing this for google URLs too, it was a fresh install of QGIS and trying to load some geojson from a url got the `SSL certificate problem: unable to get local issuer certificate` error

what qgis version? what os and version?

#18 Updated by Giovanni Manghi over 1 year ago

#19 Updated by Jürgen Fischer over 1 year ago

Please test with QGIS 3.4 - QGIS 2.18 reached it's end of life.

#20 Updated by joe larson over 1 year ago

  • Affected QGIS version changed from 2.18.16 to 3.4.4

I am still experiencing the same behavior in my test with 3.4.4 on Windows 10 and have updated the 'Affected QGIS version' of this ticket. Noted, I am testing in a virtualized environment (Parallels via a Mac host OS). It would be nice if someone else can also test.

#21 Updated by Nyall Dawson over 1 year ago

Joe - are you connecting to fulcrum? Because they also block the QGIS user agent from direct access (no idea why).

#22 Updated by joe larson over 1 year ago

Nyall Dawson wrote:

Joe - are you connecting to fulcrum? Because they also block the QGIS user agent from direct access (no idea why).

Hi Nyall, yes - I'm trying from Fulcrum. It's not an issue on Mac with QGIS 3.4. I suspect this is related #19331

In my Win10 VM/QGIS 3.4.4, I can connect to the Fulcrum data by setting GDAL_HTTP_UNSAFESSL = YES ...so we'll provide that workaround for now.

#23 Updated by Chad Howard over 1 year ago

I used the Data Share feature from Fulcrum in every version of QGIS up to 3.4.3. After this version it broke but only in the Windows Version of QGIS. The Linux and Mac versions still operate perfectly with no problems at all. In the windows version when you pick GeoJson as your viable there are TWO in the list and neither work. I have tried to place the work around listed above and still does not work. It is not the end of the world for me since I have 2 Linux boxes, 3 Macs and 2 Windows computers so when I need to import data from fulcrum I just kick over to a Linux or Mac machine.

#24 Updated by Giovanni Manghi over 1 year ago

  • Priority changed from High to Normal
  • Status changed from Feedback to Open
  • Regression? changed from Yes to No

Also available in: Atom PDF